Posted on June 4, 2019 by Louise Howland
Welcome to episode 12 of Cyber Chat. This week Rob May gives his 6 top tips for better cybersecurity, including: having a cyber response plan, regular staff training, Cyber Essentials accreditation and phishing tests.
Managing the ongoing cybersecurity of your IT infrastructure should be a primary concern, whatever the shape or size of your organisation. Cybersecurity breaches are the number one threat in today’s business landscape. Incidents come in many forms: cyber attacks; laptops left on trains; malicious staff; or, even more simply, accidental data loss caused by human error. The human firewall is a vital line of defence for any organisation, and in this video Rob, author of The Human Firewall (available on Amazon), explains what the Human Firewall is.
Hi, I’m Rob May, MD of ramsac, and welcome to Cyber Chat. Today, I just want to leave you with my top 6 tips of things that you absolutely must be doing. You’ll know if you’ve come to one of my training sessions or one of my talks that there are loads and loads of actions that we can all take to protect ourselves. But what are the top things?
Number 1 is you’ve got to train your staff; you’ve got to have cyber education. And not only have you got to do it, you’ve got to be able to prove that you’ve done it. So keep records: if you’re using online training, make sure you’re keeping the audit report and so on. You need to be able to prove to the ICO that your staff have had cyber education.
Number 2 is get or keep cyber on your board agenda. If you’re a Director, you need to be able to prove that the board is taking cyber seriously. Cyber is not an IT problem; cyber is a problem for the Board of Directors. So get it on your agenda, get it in your minutes, so that again, when you have a breach and you have an inspection, you can prove that the business has taken this seriously.
Number 3 is make sure you’ve got a cyber response plan. It’s mandated by GDPR; you’re expected to have a cyber response plan. But do staff know where it is? Do staff understand it? And has it been tested, like any form of business continuity plan? Your cyber response plan needs to be checked and it needs to be tested, so make sure you do that.
Number 4 is, have your business penetration tested. So, a penetration test or a pen test is essentially where you’re paying a friendly hacker to try and hack into your system. And when you book your pen tests (and that might be mandated if you’re a regulated business; you might already be mandated to do a pen test), I also recommend that you do social penetration testing. This is where the business will try and work people using social engineering: make phone calls, walk into reception and so on, and try and trick people, which is what a big part of cyber is about.
Number 5 is get Cyber Essentials accredited. Get that certification that shows the outside world that you take your clients’ data seriously. It’s very easy to do: talk to your relationship director at ramsac and they will take you through the process to get certified, but make sure you do that.
And number 6 is, subscribe to phishing tests. So, we can very easily set up tests for you so that your staff receive phishing emails that look like real phishing emails in the wild, but if clients actually click on them, then they get training and it gets pointed out that this was fake. For the average business in the UK, when they first start this process, we expect 28% of employees to click on links in fake phishing emails. So it really is a problem, but it’s a really easy one for you to address in terms of training.
So, there are 6 top tips for you. I hope that’s useful. I look forward to speaking to you again soon. Thank you.